LotL RMM

Living Off The Land (LOTL) persistent Reverse shell

BypassIT is a framework for covert malware delivery and post-exploitation using AutoIT for red / blue team self assessment.

Kernel R&D | SysWhispers & HellsGate Successor, fully modular Indirect & Direct Syscall Framework - EDR/AV/AC Capability Platform

Best practice configuration for Linux auditd for CIS and STIG standards, enhanced with LOTL detection rules.

Advanced Living Off the Land (LotL) tactics, tools, and abuse techniques for red teams, defenders, and cyber researchers. Stealth over payload.

LotL-Watcher is a lightweight security monitoring tool designed to detect and mitigate "Living-off-the-Land" attacks. Instead of relying on traditional file signatures, this tool monitors the behavior of trusted Windows binaries (like certutil, powershell, wmic, mshta).

Certificates repository from https://webgate.ec.europa.eu/tl-browser generated by node-tl-browse using Azure Devops

POC framework for detecting LOLBin abuse in Sysmon logs using Splunk SPL. Implements 12 layered checks (signature matching, parent-child anomalies, threat intel, statistical baselines) with risk scoring for automated alert prioritization. Supports standalone Splunk or distributed n8n architecture.

lotl (like an axolotl 🦎) is a Node.js CLI tool for converting Markdown files to PDF with customizable themes. Simple, efficient, and just a little bit cute.

Source code for a deprecated "LOTL file transfer technique" which would utilize the Windows BITS subsystem

Worshop en Red Team Space, Ekoparty 2023

🛡️ Detect and prevent Living-off-the-Land attacks with advanced kernel-level visibility and a high-performance .NET platform for enhanced system security.